On 2016-11-19 14:05, Matthew Wild wrote: > On 19 November 2016 at 12:52, David Banes <[email protected]> wrote: >> How about following the very large email providers lead and do something >> like this; >> >> https://en.wikipedia.org/wiki/DMARC >> https://dmarc.org/2016/02/how-can-i-tell-who-is-using-dmarc/ > > DMARC prevents spoofing (e.g. spammers sending email from random > places, but appearing like it came from legitimate servers). Email > trivially allows this by default. XMPP does not have the same problem, > and spoofing is not possible, and is not happening in these spam > messages.
DMARC doesn't do that by itself, but by having means to say "I enforce DKIM signing on x percentage of my outgoing email" and / or "I have SPF". XMPP doesn't really need that part. But it also has a way to ask for reports to be sent to a specified address. Reports covering how many messages did or did not match rules etc. This part could be of interest. It might have some overlap with XEP 0268. -- Regards, Kim "Zash" Alvefur
signature.asc
Description: OpenPGP digital signature
